Assessing and Exploiting Control Systems

You won't find this kind of material in other training options. Also the labs look great.

David Jimenez, Pemex

Very practical information from an industry expert facilitator. With a lot of ideas in a 5-day course. Excellent!

Ravindranath Goswami, PowerGen

This is not your traditional SCADA security course! This course teaches hands-on penetration testing techniques used to test embedded electronic field devices, network protocols, RF communications, and controlling servers of ICS and Smart Grid systems like PLCs, RTUs, smart meters, Home Area Networks (HAN), smart appliances, SCADA, substation automation, and synchrophasors. This course is structured around the formal penetration testing methodology created by the National Energy Sector Cybersecurity Organization Resource (NESCOR), a United States Department of Energy project. Using this methodology and SamuraiSTFU (Security Testing Framework for Utilities), an open source Linux distribution for pentesting energy sector systems and other critical infrastructure, we'll perform hands-on penetration testing tasks on embedded electronic field devices, their RF communications, and the myriad of user interfaces used throughout smart grid systems. We'll tie these techniques and exercises back to the smart grid devices that can be tested using these techniques. We will also do exercises on dissecting and fuzzing smart grid protocols like Modbus, DNP3, IEC 61850, ICCP, ZigBee, C37.118, and C12.22. The course exercises will be performed on a mixture of real-world and simulated devices to give students the most realistic experience possible in a portable classroom setting.

Notice:

SANS Hosted is a series of classes presented by other educational providers to complement your needs for training outside of our current course offerings.

Additional Information

Laptop Required

Laptop with at least two USB ports (three ports preferred). If you only have two USB ports and they are right next to each other, you will need to bring a USB extension cable.

Latest VMware Player, VMware Workstation, or VMware Fusion installed. Other virtualization software such as Parallels or VirtualBox will probably work if the attendee is familiar with its functionality; however, VMware Player should be prepared as a backup just in case.

Ability to disable all security software on their laptop such as Antivirus and/or firewalls

At least twenty (20) GB of hard drive space

At least four (4) GB of RAM

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

Prerequisites

Basic penetration testing experience is desirable, but not required. It is assumed that attendees will have no knowledge of ICS, Smart Grid, SCADA, or critical infrastructure. This course is designed for intermediate level security professionals, be they developers, managers, or penetration testers.